SSL Key Could not be Parsed

205 views
Skip to first unread message

Rajavel Selvaraj Ganesan

unread,
Jun 6, 2022, 4:46:24 PMJun 6
to gce-discussion
Hi All,

I'm trying to setup HTTP(S) load balancer within GCP. 

I have my SSL certificate (Cert & Private key pem file). 

Receiving this error after adding necessary details "The SSL key could not be parsed."

What could be the problem ? Wish GCP had clear logging to troubleshoot this.

Appreciate your thoughts!

Regards,
Vels

Leonardo Belloc Mendiola

unread,
Jun 10, 2022, 3:00:09 PMJun 10
to gce-discussion

 The issue could be due the PEM format , So I suggest review that the certificate is having a correct PEM format as is required on GCP to create SSL certificate resource:


  • PEM Format 

  • It cannot be protected by a passphrase

  • Its encryption algorithm must be either RSA-2048 or EDC P-256 


Also, you can use the following command to validate your self managed SSL certificate 


openssl x509 -in CERTIFICATE_FILE -text -noout


Replace CERTIFICATE_FILE with the path to your certificate file

If OpenSSL is unable to parse your certificate:

 

The commands above and the full recommendations to troubleshoot self managed SSL certificates are in this guide .

Selvaraj Ganesan, Rajavel

unread,
Jun 10, 2022, 3:02:33 PMJun 10
to Leonardo Belloc Mendiola, gce-discussion

Yes, I was able to fix them by removing passphrase. Thank you so much team! 

 

Now the challenge is that, SAML Authentication is enabled on application (2 app servers behind) – the Load Balancer isn’t allowing to connect to Azure AD for SAML authentication to work.

 

From: 'Leonardo Belloc Mendiola' via gce-discussion <gce-dis...@googlegroups.com>
Sent: Friday, June 10, 2022 3:00 PM
To: gce-discussion <gce-dis...@googlegroups.com>
Subject: [gce-discussion] Re: SSL Key Could not be Parsed

 

*** EXTERNAL EMAIL, think before you click. ***

--
© 2018 Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043
 
Email preferences: You received this email because you signed up for the Google Compute Engine Discussion Google Group (gce-dis...@googlegroups.com) to participate in discussions with other members of the Google Compute Engine community and the Google Compute Engine Team.
---
You received this message because you are subscribed to a topic in the Google Groups "gce-discussion" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/gce-discussion/A15LPTCdxBQ/unsubscribe.
To unsubscribe from this group and all its topics, send an email to gce-discussio...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/gce-discussion/957c2395-0901-4bd8-bcca-22e9afff30e4n%40googlegroups.com.




Confidentiality Notice: This message and any attachments are intended only for the use of the intended recipient(s), are confidential, and may be privileged. If you are not the intended recipient, you are hereby notified that any review, re-transmission, copying, printing, distribution, reliance on, or other use of this message and any attachments is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return email and delete this message and any attachments from your system.



Confidentiality Notice: This message and any attachments are intended only for the use of the intended recipient(s), are confidential, and may be privileged. If you are not the intended recipient, you are hereby notified that any review, re-transmission, copying, printing, distribution, reliance on, or other use of this message and any attachments is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return email and delete this message and any attachments from your system.
Reply all
Reply to author
Forward
0 new messages